Adobe Acrobat Sign API Authentication: Migration Guide
Adobe is committed to providing a safe and secure product experience for our customers by adhering to the latest industry-standard security protocols. As a part of that process, Adobe Acrobat Sign is ending support (December 2021) for older API authentication models that allowed sending username and password in the API call.
Following are the steps you need to take to move to a secure authentication model:
►Use REST APIs
Enhancement to Acrobat Sign APIs are now restricted to only REST APIs. Please follow the documentation available here for learning more about the REST API. You can also quickly try out the REST API on the swagger documentation.
The very first step to enable an end-user to use your client app with Acrobat Sign is to have the end-user authenticate with Adobe. The recommended way for authenticating end users with Acrobat Sign is the standard OAuth 2.0 protocol. Please refer to this step-by-step guide on creating your application and having it integrated with Acrobat Sign OAuth workflow.
The general recommendation is that every user in the organization should directly authenticate with Adobe while using your client app to have their unique access tokens issued. SAML configuration with Acrobat Sign in your user's organization provides an easy way to do so. However, there might be enterprise use-cases where only a single admin is required to authenticate with Adobe and other users in this organization can just use the client without Adobe login. This is possible via OAUTH modifiers concept that Acrobat Sign provides. Modifiers enable clients to call APIs with admins’ OAUTH token and actual regular user’s identity in “x-api-user” header. Please refer to the guide available here for more details on modifiers.